sudo a graphical app?

T.C. Hollingsworth tchollingsworth at gmail.com
Fri Aug 12 01:43:25 UTC 2011 

On Thu, Aug 11, 2011 at 6:27 PM, Joel Rees <joel.rees at gmail.com> wrote:
> Well, it's not perfect. libflashplayer.so copied into the unprivileged
> user's .mozilla/plugins, but ALSA or PulseAudio gags:
>
> [user9 at fed ~]$ bin/localff user9-boxed
> non-network local connections being added to access control list
> ALSA lib pulse.c:229:(pulse_connect) PulseAudio: Unable to connect:
> Connection refused
>
> ALSA lib pcm_hw.c:1401:(_snd_pcm_hw_open) Invalid value for card
> ALSA lib pulse.c:229:(pulse_connect) PulseAudio: Unable to connect:
> Connection refused
>
> ALSA lib pcm_hw.c:1401:(_snd_pcm_hw_open) Invalid value for card
> ALSA lib pulse.c:229:(pulse_connect) PulseAudio: Unable to connect:
> Connection refused

Probably because PulseAudio on your normal user and PulseAudio in your
boxed user are trying to use the same sound device at the same time.
You can either forward your sound from the PulseAudio server running
as your sandboxed user to the server running as your normal user, or
figure out how to punch a hole in your sandbox that lets apps talk to
the normal user's server.  Audio in vanilla sudoed applications work
just fine on my system so I presume something about your sandbox
configuration is blocking it.

> ...
>
> Video seems to work, though.
>
> Joel Rees
>
> On Thu, Aug 11, 2011 at 9:50 AM, Joel Rees <joel.rees at gmail.com> wrote:
>> On Tue, Aug 9, 2011 at 6:26 PM, Andre Speelmans <fedora-list at cosiso.nl> wrote:
>>> Hi Jeol,
>>>
>>>> sudo -u user9-boxed -- /usr/bin/firefox %u &
>>>>
>>>> gives a "sorry, you must have a tty to run sudo" error in
>>>> /var/log/secure . So does using the firebox command.
>>>
>>> If I recall correctly, there is a line "requiretty" in the
>>> /etc/sudoers file (or can be added). The default value is true, you
>>> might try changing that to false.
>>
>> b'gosh, it says that's supposed to be off by default, but I added
>> !requiretty to the defaults line and the clicky works now!
>>
>> (Now comes the hard part, trying to figure out whether this effort at
>> sandboxing really does any good.)
>>
>> Thanks.
>>
>> Joel Rees

-T.C.

More information about the users mailing list